Security is not merely about technical solutions and patching vulnerabilities. Security is about trade-offs and adhering to realistic security needs, employed to support core business processes. Also, modern systems are subject to a highly competitive market, often demanding rapid development cycles, short lifetimes, short time-to-market, and small budgets. Security evaluation standards, such as ISO 14508 Common Criteria and ISO/IEC 27002, are not adequate for evaluating the security of many modern systems because of resource limitations, time-to-market, and other constraints. To this end, we propose an alternative time- and cost-effective approach for evaluating the security level of a security solution, system, or part thereof. Our approach relies on collecting information from different sources, which are trusted to varying degrees, and on using a trust measure to aggregate the available information when deriving the security level. Our approach is quantitative and implemented as a Bayesian Belief Network (BBN) topology, allowing us to reason over uncertain information and seemingly aggregate disparate information. We illustrate our approach by deriving the security level of two alternative Denial of Service (DoS) solutions. Our approach can also be used in the context of security solution trade-off analysis.